The Global Times recently discovered that over 50,000 illegal iTunes accounts are being offered for purchase in China. Potential buyers are promised access to purchase iTunes content for free; amounting to seven times the amount paid.
Toaboa.com, China’s largest consumer auction site, is offering hacked iTunes accounts with stolen credit card and contact information to potential customers. These accounts are registered by real people with real personal information, but this blatant form of organized crime has (so far) gone unpunished.
At prices of 1-200 yuan (about $30 a pop), these hacked accounts are distributed through the iTunes login credentials associated with the account’s payment information…
When a compromised account is sold by Toaboa, the buyer receives the login information for that hacked account. The only restriction is that all purchases must be made with the account within 24 hours of the transaction with Toaboa.com. This measure is to ensure that the illegal account is not closed by iTunes before purchases are made.
The auction site shows that thousands of hacked accounts have been sold over the past several months. The Global Times reports,
“Of course these accounts are hacked, otherwise how could they be so cheap?” a customer service representative of one of the online stores admitted to the Global Times.
He assured that the hacked accounts were safe to use due to the legitimate holders being located abroad, but he warned that the accounts needed to be used as quickly as possible. He refused to comment on the methods used to obtain the accounts.”
The Global Times consulted with a Chinese IT expert who helped shed some light on how these iTunes accounts were possibly compromised,
“Xu Yuanzhi, a Chongqing-based IT expert who has been following the case, told the Global Times that hackers either directly hack iTunes accounts owned by foreign users or steal the details of overseas credit cards, which are then used to register several iTunes accounts for purchases.”
Apple’s iTunes is the world’s largest music retailer, with over 150 million credit cards on file. There’s definitely plenty of hacking to be done, but this blatantly public display of crime can only go on for so long before authorities are involved. The Global Times says,
“Cai Haining, deputy director of the Committee for Information Network and High-Tech with the Lawyers’ Association of China, told the Global Times that Taobao should shoulder joint responsibility for its failure to supervise the legitimacy of products being sold on its website.
“It should require sellers to stop selling products if they are found to be illegal, or it should take the blame,” Cai said.”
Apple has declined to comment on this problem. However, a customer representative at Apple China said that Apple is only offering technical support at this time and suggested that iTunes account holders, “better safeguard their account information.”
This is not the first time that iTunes accounts have been exploited, there was a similar problem in July 2010 with reports of iTunes accounts being hacked to purchase media. This Toaboa incident is the most widespread and public display of such a problem.
What do you think about this? Hopefully this criminal activity will be ended soon. I’m sure Apple is working as fast as they can to improve the security of their iTunes infrastructure and pursue legal action.
UPDATE: Reader Simon has informed us that Toaboa has in fact stopped selling hacked iTunes accounts in light of all of the media coverage it has received. PCMAG reports,
“We received some complaints from customers that bought the accounts in question, and in the name of protecting our customers we decided to take all the listings purporting to sell existing accounts down,” said John Spelich, VP of International Corporate Affairs at parent group Alibaba.”
[via ZDNet]